Virus lokal bernama Siggen yang bertemakan cinta akan memblokir seluruh file berekstensi .zip, .rar dan .exe. Tujuannya, agar aplikasi antivirus tidak dapat mengapus program jahat ini.
Namun setelah mengetahui ciri komputer yang terjangkit, ternyata ada beberapa cara sederhana untuk membasmi virus tersebut. Seperti yang dalam keterangan yang diterima detikINET dari vaksincom, Kamis (30/6/2011). Caranya dimulai dengan:
1. Matikan proses virus yang aktif di memori. Sebagai informasi virus ini dibuat dengan menggunakan program Visual Basic (VB), sehingga relatif mudah untuk mematikan proses virus yang sedang aktif dengan menggunakan tools KillVB. Silahkan download tools tersebut di alamat berikut.
2. Perbaiki registry yang sudah di ubah oleh virus. Virus ini cukup banyak melakukan perubahan pada registry Windows, untuk mempercepat proses perbaikan copy script di bawah ini pada program notepad kemudian simpan dengan nama REPAIR.INF. Install file tersebut dengan cara :
klik kanan REPAIR.INF
Kemudian pilih [INSTALL]
Berikut script yang harus disalin:
| [Version] Signature="$Chicago$" Provider=Vaksincom Oyee [DefaultInstall] AddReg=UnhookRegKey DelReg=del [UnhookRegKey] HKLM, Software\CLASSES\batfile\shell\open\command,,,"""% 1"" %*" HKLM, Software\CLASSES\comfile\shell\open\command,,,"""% 1"" %*" HKLM, Software\CLASSES\exefile\shell\open\command,,,"""% 1"" %*" HKLM, Software\CLASSES\piffile\shell\open\command,,,"""% 1"" %*" HKLM, Software\CLASSES\regfile\shell\open\command,,,"reg edit.exe "%1"" HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""% 1"" %*" HKLM, SOFTWARE\Classes\.zip,,, "winzip" HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe" HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe" HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe" [del] HKCU, Software\noF i T r I on Computer HKLM, SYSTEM\CurrentControlSet\Services\noF i T r I on Computer HKLM, SYSTEM\ControlSet001\Services\noF i T r I on Computer HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\noF i T r I on Computer HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AudioSystem.exe HKCU, Software\Policies\Microsoft\Windows\system, DisableCMD HKCU, Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, NoClose HKCU, Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, NoFind HKCU, Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, NoFolderOptions HKCU, Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, NoControlPanel HKCU, Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, NoRun HKCU, Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, NosaveSettings HKCU, Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, NoStartMenuMorePrograms HKCU, Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, NoViewContextMenu HKCU, Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, NoViewonDrive HKCU, Software\Microsoft\Windows\CurrentVersion\Policies \System, DisableMsConfig HKCU, Software\Microsoft\Windows\CurrentVersion\Policies \System, DisableRegistryTools HKCU, Software\Microsoft\Windows\CurrentVersion\Policies \System, DisableTaskMgr HKCU, Control Panel\Desktop,SCRNSAVE.EXE HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AudioSystem.exe HKLM, SOFTWARE\noF i T r I on Computer HKLM, SOFTWARE\Policies\Microsoft\Windows\Installer, DisableMSI HKLM, SOFTWARE\Policies\Microsoft\Windows\Installer, LimitSystemRestoreCheckPointing HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\0000.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ahnlab.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ansavd.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Avas.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVG.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ccapp.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cclaw.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccleaner.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleaner.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanmgr.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DriverDetective.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DriverScanner.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Fixinstall.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\folderlockbox_setup.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Free Fire Screensaver.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Hunter.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install_flash_player.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISUNIST.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kaspersky.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keygen.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\limeware.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LNKSTUB.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mobsync.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSOOBE.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msra.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAPSTAT.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETSETUP.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nip.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nipsvc.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Niu.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Njeeves.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NOD32krn.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NOD32kui.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Norman.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Norton.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvccf.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcoas.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcod.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcsched.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Panda.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMV-RTP.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppclean.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Procexp.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regdir.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Restore my files.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rminstall.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RSTRUI.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityConfig.exe.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Smadav 2009 Rev. 3.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmaRTP.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Sophos.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symantec.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\st5unst.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supercleaner.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Task.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Taskkill.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasklist.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfnotice.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Tiny.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trend.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrendAntiVirus.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojan Hunter.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojan.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanHunter.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TweakUi.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Unins.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Unins000.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Uninst.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Uninstall.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unlocer.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unlocker.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNWISE.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Upd.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Update.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\V2iBrowser.exe.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VProConsole_.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinHIIP.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unwise32.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\youtubesetup.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ypsr.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ypsrru.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZoneLabs.exe |
4. Hapus file yang dibuat oleh virus termasuk di USB Flash. Untuk mempercepat proses penghapusan, Anda dapat menggunakan fungsi Search/Find dari Windows dengan kata kunci *.exe dan *.scr. Tapi ingat, jangan sampai salah menghapus file.
File yang dibuat oleh virus ini memiliki ciri-ciri, berukuran 76 KB, tidak menyertakan icon, tipe file Application atau Screen Saver. Setelah itu kemudian hapus file berikut ini:
- OBE.sacura [semua drive]
- Autorun.inf [semua drive]
- Folder [-], semua drive
- Folder [Kasihku], semua drive
- Folder [Koleksi ScreenSaver], semua drive
- C:\WINDOWS\system32\blank.htm
- C:\Documents and Settings\%user%\http_www.patah-hati.com
Untuk pembersihan optimal, sebaiknya scan dengan menggunakan antivirus yang up-to-date, atau bisa menggunakan tools gratis Dr.Web CureIt yang bisa didapat melalui link berikut.
